OK, so th new Auth system is all default and everything, and we’re all up and running, but I’m still getting warnings trying to use GPS logger.
ATM I’m using it with the legacy API password tacked on the end of the url, in the logs I get the warning that I need to use the Bearer Token.
Where do I find this? The long string of letters and numbers under my name in the users section doesn’t work, and a google search leads me to these two pages:
and
Number of things I understand from reading those two pages can be counted on one hand, so could somebody please give me a clue??
I kinda expected to go in to my user account and find a button saying “generate new token”, and then it says “what for?” and I say “gps logger” and it says “here, have this 20 digit random thing” and then I tack the 20-digit random thing on the end of the gps logger url and delete my legacy password and all is well.
Is this how it is supposed to work? And if so where’s the button??
Right now, the bearer token isn’t really documented yet, it’s a thing that has been raised with the developers
The warnings are also aimed at the developer of the component. The expectation is that people using components will talk to the developers and put pressure on them to update from the api_password.
OK, so I take it none of the ‘dial home’ device trackers are working anymore then?
Obviously my Bluetooth one is fine, but GPS logger for me and ios for the ladies in my life are basically just causing ip bans every 15 minutes.
I was going to move us all to owntracks http, but there haven’t been any recent commits for that either.
Any reason I can’t just have a ‘single use code’ that I can generate myself and add to the end of a url like we used to be able to?
Don’t get me wrong, I’m all for this upgrade in security, but the security of my actual house relies on presence detection so I need to know where this is going pretty soon
Oh no, they’ll still be working - it’s just complaining in the logs. Think of it like kids in the car going “are we nearly there yet”. It’s going to keep complaining at you until enough folks nag the component developer to fix it.
Of course, first the HA developers need to publish documentation on how to use it
Until then you’ve a couple of choices. Choice (a) is to carry on as you are. Choice (b) is to temporarily switch to a component password.
Personally, I’d do nothing for now, and wait a while for enough documentation so that the component dev can fix it. If they don’t then we can all start talking to them about it (I use GPS Logger too, if it stops working I’m going to be unhappy!).
Ah, OK, that’s not my experience here. Every time I get that warning in the log I also get a warning that I have a ‘failed or unauthorised login’ (or something). Obviously once a couple of those happen the ip ban kicks in, so if we’re all sat at home we’re all locked out of homeassistant in less than half an hour.
I’ve not seen any other reports on that, but I’ve also not upgraded to 0.77 myself yet. If you’re seeing it ban you with a valid API password then I’d raise an issue in Github.
I have no idea what LLAC is, but it’s working fine with api_password now that I’ve moved that configuration back in to the configuration.yaml from the package it was in
